One of the ways retailers have sought to comply with Payment Card Industry (PCI) requirements is to implement tokenization — a payment data encryption method in which ciphered cardholder data is stored in a central database, or vault. During payment transactions, that information is replaced by “tokens” that identify cardholders while preserving their data security.
But a number of these central database solutions have relied on expensive, complex replication schemes to create a new vault for every merchant requesting tokenization. This centralized process also increases risk of a token vault breach.
To maintain the reliability of tokenization, while eliminating the need to create a new vault for each merchant, Protegrity, a provider of end-to-end data security solutions, has announced Vaultless Tokenization for the Payments Industry. According to a company press release, the approach removes primary account number (PAN) data from the payment environment to facilitate PCI compliance and minimize risk, while quickly scaling to thousands of merchants, without the cost and complexity of a backend database infrastructure. The new solution is designed to eliminate performance and scalability bottlenecks caused by latency, data collisions and the need to store sensitive data and tokens on a token server, the release stated.
Advertisement
Protegrity’s Vaultless Tokenization for the Payments Industry “enables processors and gateways to remove their customers’ financial, operational and security burdens of dealing with toxic PAN data,” said Suni Munshani, CEO of Protegrity, “while scaling across thousands of merchants.”